Skip Navigation Change Font Size

Management Issue 3:
Preventing and Detecting Medicare and Medicaid Fraud

Why This Is a Challenge

Perpetrators of schemes to defraud Medicare and Medicaid range from criminals who masquerade as bona fide health care providers and suppliers but who do not provide legitimate services or products to Fortune 500 companies that pay kickbacks to physicians in return for referrals. Fraud is a crime of deception, and perpetrators design their schemes to avoid detection. The Department faces multiple challenges in preventing and detecting these frauds, including:

  • effectively using CMS's provider enrollment and payment suspension authorities against those providers and suppliers that have exploited weaknesses to commit fraud rather than provide legitimate patient care;
  • managing the Department's expanding use of data analysis;
  • collecting and maintaining complete and accurate data, particularly Medicaid data from diverse State programs and systems, to support CMS and OIG oversight and enforcement activities;
  • monitoring Medicare and Medicaid benefits delivered by private plans for fraud; and
  • excluding individuals and entities from Federal health care programs to protect the programs and beneficiaries.

Many of CMS's essential program integrity activities are carried out by contractors. (See also Challenge 6, Ensuring Efficiency and Effectiveness of Medicare and Medicaid Program Integrity Contractors, for information on issues specific to CMS contractor oversight and effectiveness.)

Progress in Addressing the Challenge

A magnifying glass illuminating fraud over a binary background

Enrollment and Payment. In February 2011, CMS published a final rule implementing the ACA provisions concerning screening of providers and suppliers on the basis of fraud risk. CMS's enhanced payment suspension regulations took effect in March 2011. In this rule and subsequent regulations, CMS established three levels of screening for providers (limited, moderate, and high) and designated categories of providers and suppliers to each level. In December 2011, CMS launched its Automated Provider Screening (APS) system, which is designed to identify ineligible providers or suppliers prior to their enrollment or revalidation. CMS completed the procurement of a national contractor to increase efficiency and standardization of provider site visits, and this contractor began performing these visits in January 2012. In addition, CMS plans to increase the frequency of unannounced out-of-cycle site visits.

Data Analysis and Data Quality. Enhanced data analysis made possible the impressive enforcement results of the nine Medicare Fraud Strike Forces, which are part of the Health Care Fraud Prevention and Enforcement Action Team (HEAT). The strike forces are interagency teams of prosecutors and special agents that focus enforcement resources on geographic areas at high risk for fraud. CMS has made claims data available more quickly and efficiently by providing law enforcement increased access to data, including real-time data. Through HEAT, these data are analyzed and inform the deployment of Strike Force teams.

CMS uses FPS to risk-score Medicare FFS claims prepayment and has awarded a contract to develop and test new predictive models for inclusion in the FPS. Additionally, CMS opened its Command Center, which provides a collaborative, multidisciplinary environment for investigators, data analysts, clinicians, and subject-matter experts to work on cases, drive innovation and improvement in predictive modeling, and monitor progress. CMS established the Medicaid and Children's Health Insurance Program Business Information and Solutions (MACBIS) Council, which provides leadership for the development and deployment of enterprisewide improvements in the accuracy and availability of data for Medicaid program integrity and oversight. To improve the quality of data collected from States in the Medicaid Statistical Information System (MSIS), CMS has undertaken a pilot test of 10 States (2 States have subsequently joined the pilot test; however, they have not yet contributed data) to expand the MSIS data set (called Transformed-MSIS, or T-MSIS) and allow CMS to review the completeness and quality of State MSIS submittals as they are received. CMS states that it plans to launch national implementation of T-MSIS in 2014.

Monitoring Medicare and Medicaid Benefits Delivered by Private Plans. CMS has strengthened its oversight of Parts C and D program integrity by auditing Part D sponsors' compliance plans; issuing guidance regarding Parts C and D sponsors' program integrity training responsibilities, including identifying invalid prescriber identifiers; and hosting its first annual program integrity conference for Parts C and D sponsors. In 2010, CMS began implementing a broad set of Medicaid initiatives focused on assessing and improving States' performance in meeting regulatory requirements and ensuring that managed care systems deliver accessible, available, and appropriate services to Medicaid beneficiaries.

Accountability. CMS's imposition of payment suspensions is one example of the Department's increased focus on using its administrative tools to ensure accountability. Each year, OIG excludes thousands of individuals and entities from participating in Federal health care programs for a variety of reasons set forth in law, ranging from health care fraud convictions to loss of medical license for professional incompetence. OIG issued guidance on its authority to pursue exclusion of responsible corporate officers of sanctioned providers and suppliers that may otherwise view civil penalties and fines as the cost of doing business. OIG and its law enforcement partners, including the Medicaid Fraud Control Units, also investigate suspected fraud and refer cases to the Department of Justice for criminal and civil adjudication.

What Needs To Be Done

CMS has additional opportunities to strengthen the enrollment system, including adopting a more flexible screening approach, tailoring screening measures to fraud risks, and classifying reenrolling durable medical equipment (DME) and home health providers as "high risk" when appropriate. CMS should also focus enrollment scrutiny on providers such as independent diagnostic testing facilities (IDTF) and comprehensive outpatient rehabilitation facilities (CORF), as OIG found that IDTFs and CORFs did not comply with basic Medicare requirements to maintain open and accessible physical locations as reported to and on file with CMS. In addition, CMS should consider instituting temporary enrollment moratoria for certain types of providers in geographic areas at significant risk for fraud, such as home health providers in Florida and Texas.

The Department should continue to collect and maintain more robust data sets, particularly for State Medicaid programs, as well as further facilitate law enforcement's access to data. OIG and the Department must also ensure that OIG has the capacity to handle the volume of new fraud referrals that can be expected from CMS's expansion into predictive modeling and that CMS and OIG coordinate closely on such referrals. CMS should also strengthen fraud and abuse prevention efforts by issuing regulations for mandatory provider compliance plans under sections 6102 and 6401 of the ACA.

CMS must also continue to monitor Medicare Advantage and Part D plans' implementation of integrity safeguards, provision of covered services to all eligible beneficiaries, and compliance with marketing rules. CMS will also need to oversee plans' compliance with medical loss ratios and ensure that plans are not inflating their direct health care costs. As States increasingly use managed care to deliver Medicaid services, CMS should require that State contracts with managed care entities (MCEs) include a method to verify with beneficiaries whether services billed by providers were received, and CMS should update guidelines to reflect current concerns expressed by MCEs and States.

The Department should continue to focus on accountability for fraud. In addition, OIG will continue to use its exclusion authority to protect the Department's programs and beneficiaries, including considering cases in which excluding responsible corporate officers of sanctioned providers and suppliers is appropriate and monitoring the effect of such an exclusion on recidivism.

Key OIG Resources

Management Issue 4: Ensuring Patient Safety and Quality of Care

I'm Looking For

Let's start by choosing a topic

Exclusions Database Report Fraud
Newsletter Sign Up Envelop Graphic

Stay up to date on the latest OIG news and opinions

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201